Hi Jason,

> Nessus will not tell you anything about a router's security. It'll
> tell you a lot about the presence of already known vulnerabilities,
> but nothing about how secure (or better, insecure) such a router is.

I agree that Nessus can only find known vuls, but to me 994 plugins are an awful lot and I feel that if a router scores well in that test it's an important piece in the puzzle. Sure, if a user doesn't change the default admin password, how strong the router holds up against other attacks.

> > Is this a good idea that will yield relevant results? Did I miss
> > something? Any suggestions for improvements?
>
> You missed the pen-test side of it. Vulnerability enumeration is but a
> small part of the pie.

Ok then, what's the pen-side for you? I thought that what Nessus is doing is pen-testing. It tries all the buffer overflows and cross side scripting + the nmap-scanning. Sure, there is no individual sitting there trying to get into the machine, but pls bear in mind: We're talking about SOHO-routers, so the router must be configured pretty decent when it comes to security, but I believe that only very few of my readers - if any - will face the situation that there's someone that under all circumstances will break into their router. I think that if a router fends off the kiddies and their scripts + all unnecessary services closed + strong passwords it should be fine for the target group. But by any means: Tell me what else I could/should do - the better the article gets the happier I am.

> It's - to mention something we are both familiar with :) - like
> running Nessus against a Zope server. Or, even worse, one of the other
> commercial products. None of them knows about Hotfixes - simply
> because Zope has such a small 'Marketshare' (it still rocks, though).

But it already has its own Nessus plugin :-)

> How about weak passwords, predictable passwords, backdoors? Nessus does
> not address them, and was never meant to.
>
> Netopia, FlowPoint, Cayman, they all have and had their share of bugs
> and vulnerabilities, most of them undetectable through simple
> vulnerability enumeration but easily found through diligent research
> and a good portion of curiosity applied to common knowledge.
>
> Let me not be misunderstood here - Vulns found by Nessus are a serious
> concern, simply because they're the most likely ones to be found and
> exploited. There's gazillions of twelve-year-olds out there who have
> nothing better to do than run Nessus against random netblocks after
> school, but that's only a small fraction of what pen-tests are all
> about.
> jonas
